-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for "requester pays" operations #3474
Comments
@tseaver, the bucket owner will enable requester pays by setting |
@jdpedrie Thanks. That seems less elegant than I had imaginged (e.g., there would be some ACL / IAM tweak which would assign permissions to a "user-is-paying" role). The whole feature needs both narrative and API docs. |
@jdpedrie Is there anywhere in the API docs which defines the |
Not that I've seen in the public docs. I shared a google doc with more information. (Check your email). The REST discovery document will show which resources accept the |
@jdpedrie Thanks muchly! |
Implementation plan:
@lukesneeringer does that seem correct to you? |
Note that system testing for this feature requires that a second, valid project be accessible to the account running the tests. @dhermes, @lukesneeringer how do you think we should arrange for that, both for local testing and for CI? Update: we can test the creation of a bucket w/ |
Does this feature require whitelisting? I just tried adding a system test which passed the |
@tseaver yes -- tested to verify. works on my whitelisted project, fails on personal project. |
@tseaver We should probably just allow the system test to be skipped locally. It's not too difficult to get a 2nd project for CI. The plan seems OK 👍 |
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
Note that development of this feature is moved off onto the |
Hi @tseaver is it possible to merge this branch into the client library for sample support? Other client libraries have merged this feature merged into master. |
@frankyn Is the feature public beta (or better) yet? |
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward googleapis#3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward googleapis#3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward googleapis#3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
@lukesneeringer, @dhermes I have just refreshed the I updated the one system test, previously skipped because the back-end needed us to be white-listed, to run unconditionally. We still need to figure out the CI sytem test story for testing that the |
@tseaver Let's coordinate the |
We need access to run requests passing their project ID as |
Chiming in: @tseaver, which operations does the system test use? The non-owner project doesn't require whitelisting for requester pays, only the bucket owner project. |
@frankyn The current system tests don't do anything more than create a bucket with However, to properly test the whole feature, we should add system tests which add / fetch / update object(s) in that bucket, passing |
Thanks for clarifying the state of tests. Follow-up question, by "having access" you mean grant |
System tests run under a service account, associated with a given project. In order to exercise the APIs which take |
IIUC, you're looking for more information what is necessary for testing Requester Pays with multiple projects? The secondary service account should have roles for Project Owner and Storage.Admin to its own Google Project for requester pays to bill the account when for example downloading an object from a requester pays enabled bucket. (Project Owner role assignment is at the Resource Manager level or in the Cloud Console). A role for reading an object must be granted such as |
@frankyn I think I have not communicated my issue clearly. IIUC, when making API requests to a bucket w/
If my understanding is incorrect, please take that as a sign that there needs to be a "concepts" document available which lays the feature out clearly (AFAICT, the feature is still entirely undocumented, so my understanding is based on reverse engineering the concept from the discovery doc, plus what the other languages have done). |
Following-up through email. |
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
Also, add 'requester_pays' argument to 'Client.create_bucket'. Add a system test which exercises the feature. Note that the new system test is skipped, because 'Buckets.insert' fails with the 'billing/requesterPays' field set, both in our system tests and in the 'Try It!' form in the docs. Toward #3474.
* Add '{Bucket,Blob}.user_project' properties, and pass the corresponding 'userProject' query parameter in API requests. Closes #3474.
Will this ever be extended to include storage of the objects themselves? Or (to Branch out a little more distance) to the deployment of an instance on Google Compute Engine? The use case is a project space that offers a general service that brings up instances that then save results to storage. It would be amazing if a user could simply run the tool and provide their credentials without needing to worry about the details of setting up components of their own Google project. For academic groups this would be a game-changer because we could make tools for others to use and we wouldn't run out of money because the cost would be distributed. |
Hi @vsoch, thanks for reaching out! Could you provide more context around
I didn't quite understand the use-case. If you provide more information that would be helpful as well. Thank you! |
Hey @frankyn sure thing! Right now with requester pays, let's say that I have a project space bucket called BlueBucket. BlueBucket is tied to a web service where people can browse and download their favorite color files. I put an awesome file there, RedFile, and then per the documentation if I turn on requester pays, some of the requesters pay for the charges to interact with it. But I'm still paying these things:
Now let's say that many others contribute GreenFile, OrangeFile, and the way this is possible is via my application authenticating and handling the upload. This means that I am logically paying for storage, and the best I can do is have those that want to download / otherwise request GreenFile and OrangeFile to pay for that! But this gets poblematic (for me) over time because of the costs of RedFile, GreenFile, and OrangeFile are mostly on me. Instead I would want a distributed cost model. Since the user (let's call him OrangeMan) of OrangeFile is likely to also be the primary requester, I would want to provide him the service if he is responsible for payment of requests to use that file and for the storage itself. This way, we have a bunch of files in the same bucket still, available for the service, but the cost is distributed among the users. The real world scenario is at Stanford (or other academic places) where we are building tools for scientific containers. The containers are huge, and the tools are basic things like a registry. I would want to provide the tool for Stanford, but have labs (each signed up with their own Google project space accounts) to take responsibility for charges for their images. Does that make sense? |
IIUC, you want to distribute costs of storing objects in a bucket instead of the project owning the bucket incurring the storage costs. Real use case, a lab will commonly use their own data and they would also like to share the data with other labs in a "registry" where other labs could use their data. Follow-up: Although, you could do this using GCP + GCS by writing a registry software on top. The registry would maintain a list of available requester pays buckets shared by different labs. Effectively, having each lab pay storage costs for their data while other labs pay for request operations. |
Thanks, I'll come back here and check every so often for updates. I would want it scoped to a single bucket (for a consistently predictable namespace) so the second ideal would be a good workaround, but I'd much prefer the first (and will happily wait!) |
@vsoch, spoke with the Product Manager, and there was mention of a project focused around this, but there's no set timeline in the foreseeable future at this time. I'd suggest to try workaround at this time. I may lose this thread in the future, so I'd suggest keeping on eye on GCS Release Notes. Thanks for raising the question, cheers! |
Will do! Thanks muchly @frankyn. |
The storage docs don't really explain this, but the JSON API methods have begun to accept a `userProject' query parameter (or is it a header? only its yak-shaver knows for sure). The point of it looks to be to bill any charges associated with the request to a different project than the one which owns the bucket in which it takes place. I can't tell how a bucket owner is supposed to configure things such that foreign projects can only access objects by passing this parameter/header.
See the g-c-dotnet PR implementing preliminary support.
And hre is the g-c-php PR.
The text was updated successfully, but these errors were encountered: